Security Use Case Library
Browse the categories below to learn how you can use Splunk Enterprise Security, Splunk SOAR, Splunk User Behavior Analytics, or Splunk Intel Management (Legacy) to accomplish your security business goals. Or, if you are a Splunk platform user, check out our Security use case library for Splunk platform.
- Behavior Analysis
  - Detecting cloud federated credential abuse in AWS
  - Detecting cloud federated credential abuse in Windows
  - Detecting insider threats
  - Detecting privilege escalation in your AWS environment
  - Detecting suspicious activities within AWS cloud instances
  - Detecting unusual GCP service account usage
  - Investigating interesting behavior patterns with risk-based alerting
- Compliance
  - Conducting an Azure new user census
  - Detecting non-privileged user accounts conducting privileged actions
  - Detecting Personally Identifiable Information (PII) in log data for GDPR compliance
  - Using Splunk Enterprise Security to ensure GDPR compliance
  - Using Splunk Enterprise Security to ensure PCI compliance
  - Verifying multifactor authentication usage in O365
- Threat Hunting
  - Assessing and expanding MITRE ATT&CK coverage in Splunk Enterprise Security
  - Detecting AWS Security Hub alerts
  - Detecting BlackMatter ransomware
  - Detecting Clop ransomware
  - Detecting DarkSide ransomware
  - Detecting FIN7 attacks
  - Detecting indicators of Remcos RAT malware
  - Detecting Log4j remote code execution
  - Detecting Netsh attacks
  - Detecting Office 365 attacks
  - Detecting password spraying attacks within Active Directory environments
  - Detecting print spooler attacks
  - Detecting ransomware activities within AWS environments
  - Detecting REvil ransomware infections
  - Detecting usage of popular Linux post-exploitation tools
  - Detecting Windows file extension abuse
  - Monitoring AWS S3 for suspicious activities
  - Monitoring command line interface actions
  - Monitoring for signs of a Windows privilege escalation attack
  - Monitoring use of Git repositories
- Getting started with MITRE ATT&CK in Enterprise Security and Security Essentials